295c67de450979d5c8073df2af96186b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

295c67de450979d5c8073df2af96186b_JaffaCakes118
Size

380KB
MD5

295c67de450979d5c8073df2af96186b
SHA1

08281c101bf43f3ab692481baca035134ac8d7ca
SHA256

859b28a6d1b20fe613c603a3014cc7d80427e3dedb6d4e36ef112532a411e2c1
SHA512

cf327a4bdc62f55000e02a89605e021a7ba985b0dbfca97ae5e7f10ef37afdad2469b484e399bb4adcd0268b0e7f129b31f9b4d8bbf8bffb6c312269ac37aa0a
SSDEEP

6144:94DS7C0r3AhARAk0Pv/kjTEtfIbXCOjXAtkZSafDMBOXKnlttcKF:8S7C0cG8/kjTEZITpZSauMKntF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
295c67de450979d5c8073df2af96186b_JaffaCakes118

Files

295c67de450979d5c8073df2af96186b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d99af1e94d5cb5b77bbd1694f03fdea4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build\pcsync\tiktak\tis_synch\release\TIS_Synch.pdb

Imports

ngscm

?GetUIManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?PCSL_GetVariantID@CPCSL2InfoReader@@QAEGXZ
?ReadPCSL@CPCSL2InfoReader@@QAEHPAG@Z
??1CPCSL2InfoReader@@QAE@XZ
??0CPCSL2InfoReader@@QAE@XZ
?Show@CNbuuCommonMessageBox@@SAHPAUHWND__@@PBG1I@Z

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mfc80u

ord314
ord6751
ord313
ord1189
ord3422
ord331
ord590
ord2832
ord2640
ord2936
ord3163
ord1079
ord3901
ord5406
ord1287
ord462
ord5438
ord662
ord5425
ord745
ord557
ord5442
ord3229
ord5669
ord5709
ord3855
ord425
ord3248
ord6002
ord5672
ord6000
ord443
ord1182
ord676
ord3249
ord701
ord1971
ord3677
ord380
ord5489
ord757
ord3327
ord3264
ord5562
ord5379
ord5209
ord5226
ord2239
ord4562
ord1044
ord3942
ord1043
ord5222
ord6248
ord5220
ord2925
ord5531
ord1911
ord3826
ord5378
ord6215
ord3800
ord5579
ord2054
ord6274
ord3795
ord6272
ord4008
ord4032
ord386
ord631
ord2279
ord618
ord5708
ord5999
ord2531
ord293
ord5398
ord2468
ord2444
ord894
ord899
ord774
ord577
ord288
ord284
ord283
ord280
ord2311
ord776
ord1220
ord896
ord4026
ord3990
ord5558
ord6166
ord6172
ord4078
ord5524
ord2261
ord5485
ord1472
ord4101
ord4100
ord2121
ord6167
ord6173
ord6700
ord2725
ord6014
ord5711
ord4059
ord864
ord860
ord1616
ord566
ord2460
ord2700
ord2696
ord5096
ord1007
ord2009
ord4320
ord2271
ord476
ord6171
ord287
ord2282
ord2461
ord6165
ord6161
ord282
ord2260
ord5414
ord1479
ord277
ord3841
ord2341
ord3603
ord2829
ord4301
ord2708
ord2534
ord2527
ord581
ord1200
ord1170
ord1168
ord1192
ord762
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord3596
ord4255
ord3629
ord1139
ord1123
ord2132
ord2343
ord5707
ord265
ord588
ord5663
ord266
ord1176
ord3159
ord328
ord5998
ord764
ord1115
ord1162
ord1908
ord371
ord1093
ord1199
ord1197
ord1087
ord1033
ord315
ord765
ord370
ord290

msvcr80

_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_purecall
wcschr
iswascii
free
_wcsdup
_localtime64
_wtol
_gmtime64_s
_wtoi
wcsftime
_mktime64
_tzset
_gmtime64
wcstoul
sprintf
strtoul
wcstol
_wsetlocale
_time64
ceil
wcsncpy
_wmakepath
_wsplitpath
floor
memset
memcpy
__clean_type_info_names_internal

kernel32

FindClose
FindFirstFileW
GetFullPathNameW
GetLastError
GetVersionExW
GetTickCount
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToLocalFileTime
MultiByteToWideChar
GetLongPathNameW
LocalFree
LocalAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
GetModuleFileNameW
WideCharToMultiByte
LoadLibraryW

user32

MessageBoxW
MessageBeep
wsprintfW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegCloseKey

ole32

CoTaskMemFree
CLSIDFromString
CreateStreamOnHGlobal
StgCreateDocfile
StgOpenStorage
CoGetMalloc

oleaut32

SysFreeString
VariantTimeToSystemTime
VarUdateFromDate
SystemTimeToVariantTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d99af1e94d5cb5b77bbd1694f03fdea4

Headers

File Characteristics

PDB Paths

Imports

ngscm

version

mfc80u

msvcr80

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 232KB - Virtual size: 228KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 22KB

.text Size: 64KB - Virtual size: 64KB

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 64KB - Virtual size: 64KB